Article Details
Scrape Timestamp (UTC): 2026-02-02 10:18:50.126
Source: https://www.theregister.com/2026/02/02/energy_infrastructure_cyberattacks/
Original Article Text
Infrastructure cyberattacks are suddenly in fashion. We can buck the trend.
Don't be scared of the digital dark – learn how to keep the lights on.

Opinion

Barely a month into 2026, electrical power infrastructure on two continents has tested positive for cyberattacks. One fell flat as attempts to infiltrate and disrupt the Polish distribution grid were rebuffed and reported. The other, earlier attack was part of Operation Absolute Resolve, the US abduction of Venezuela's President Maduro from Caracas on January 3.

Both attacks exhibit what's called layered ambiguity. The components, timing, and methods in the Polish event are either the product of the same organization that has attacked Ukrainian systems over the past decade, or an incomprehensible attempt by someone else to mimic them. Meanwhile, all we officially know about how Caracas went dark as the air armada homed in is President Trump saying that the "lights in Caracas were turned off due to a certain expertise we have." That's either an army of CIA agents operating under cover of office cleaners in the power stations, or a cyberattack.

What is unambiguous is that infrastructure attacks have come of age. They have history, they are integrated into military strategy, and in the hands of some at least can be expected to work. We can begin to work out what this means for the rest of us, and how to react.

That Venezuela succumbed where Poland stood firm is in some measure due to circumstance. Poland has an infrastructure befitting a successful European economy, while Venezuela is, to be technical, a basket case. Lack of investment but no lack of mismanagement has seen a decade of blackouts and profound power shortages, leading to two-day working weeks and hospitals struggling to keep patients alive. If you can't keep the lights on, you can't keep the hackers out.

More strikingly, the democratization of attack technologies over the same ten years has moved infrastructure attacks from the realm of nation-state specialization to a point where a 30-minute YouTube video can give a working example. Open source tools like the Shodan infrastructure search engine, Google, and Wikipedia now resemble the 1980s NSA's most potent fantasies. There's even a one-stop guide, MITRE ATT&CK, a complete curriculum of what to do when going up against a large organization and how to do it.

To counter this opening up of techniques is the limited scope of success. You can disrupt things for a while, but the victim is highly motivated and prepared to get things back on again. Perhaps you can cause some short-term physical or economic damage. Anything further, as Russia has demonstrated, requires more traditional methods.

As part of a fog-of-war machine causing maximum confusion and blunting initial defenses, cyberattacks in infrastructure are effective. The Caracas operation used jamming and suppression of air defenses alongside the power outages, allowing the physical assets to get in and out. Russia has been notoriously unable to operate with that level of cohesion – its Polish effort is part of Operation Chaotic Thug Next Door – to go alongside the asset vandalism, political meddling, and corruption.

All this makes cyber infrastructure attacks a significant, serious threat, one that is pretty poor at political extortion or a singular game changer. It suffers from many of the limiting factors of infiltration and espionage, in that it's hard to test and harder to use without giving the game away. The discovery of Salt Typhoon in US communications infrastructure is a jarring exhibition of vulnerability, but also signaled its demise. Likewise, the evolution of open source tools and techniques for infrastructure attacks looks unwelcome, but it can become a powerful path to evolve and harden defenses.

A lot of this defensive design will be needed anyway to survive in an environment of climate change disasters, uncertainties of energy supply chains, and demographic shifts. Flexibility, resilience, and redundancy are expensive to design in, more so to leave out.

As with any security threat, there is no one golden shield. Even if every electronic perimeter was impregnable, a hefty bribe to a vulnerable insider or the penetration of an organization by long-term agents will do the trick. The damage one person could do to infrastructure in the pre-networked age was very limited. Give them a USB stick, and the picture changes.

Thus, while the increased cadence of infrastructure cyberattacks may look like a crisis in the making, if it is, it's too good a crisis to waste. It's a chance to do double duty of increased awareness and spending on survival in a world of chaotic thug neighbors.

To an extent, this is happening. In the UK, demonstrable cyber resilience is an integral, top-of-mind factor in all the national energy distribution expansion plans – it's just not talked about much. It should be.

As should national policy on responses to cyberattacks. There is no deterrence when an enemy can rely on ambiguity and a security-led reluctance to publicly say what we know, and where the preponderance of evidence leads. Every push across boundaries that doesn't elicit a proportionate response is an incremental defeat. At some point, it's no longer incremental. Cyber infrastructure attacks are now a part of military force, and should be treated accordingly. Clarity is everything here.

Meanwhile, while absolutely condemning all forms of electronic vandalism, we do warmly recommend getting up to speed on the same open source tradecraft material that the bad hats are using. An aware citizenry is half the battle in civic defense, and that counts double in the digital domain. Be part of the solution, not the problem.

Daily Brief Summary
Recent cyberattacks targeted electrical infrastructure in Poland and Venezuela, with differing outcomes due to varying levels of preparedness and resilience.
Poland successfully defended against the attack, while Venezuela experienced power outages amid a U.S. operation involving President Maduro.
The democratization of attack technologies has made infrastructure cyberattacks more accessible, with open-source tools and guides widely available.
Despite their effectiveness in creating confusion, infrastructure cyberattacks face limitations in achieving long-term strategic goals without traditional military support.
The necessity for robust cyber defenses is underscored by the evolving threat landscape, requiring investment in resilience and redundancy.
National policies on cyberattack responses need clarity to deter adversaries relying on ambiguity and to ensure proportionate responses.
The integration of cyberattacks into military operations emphasizes the need for public awareness and preparedness in the digital domain.